Every day, millions of medical images containing personal health information about patients flood the Internet. Hundreds of hospitals, medical studios, and imaging centers are running unsafe storage systems so that anyone with an Internet connection can access medical images of more than 1 billion patients worldwide through free-to-air software.
About half of all exposed images, including X-rays, ultrasounds and CT scans, are in the United States. Despite repeated warnings from security researchers to hospitals and doctors’ offices about the problem, many people ignore their warnings and continue to expose patients’ private health information. “This is getting worse every day,” says Dirk Schrader, who is a research worker at Greenbone Networks, a German security firm. “The company has been monitoring the number of leaking servers for the past year.
In September, Greenbone found 720 million medical images of more than 24 million patients being exposed online. Two months later, however, the number of exposed servers more than halved to 35 million patient scans and exposed 1.19 billion scans, a serious violation of patient privacy.
But the problem has little sign of abating. “We’ve been sending feedback to a number of healthcare providers, but the numberof exposed is still increasing,” Schrader said. If hospitals and doctors do not act accordingly, the number of medical images exposed will soon be recorded. “
Public information shows that THE PACS system is used in the hospital imaging department, the main task is to produce a variety of daily medical images (including nuclear magnetic, CT, various X-ray machines and other equipment generated images) through a variety of interfaces (analog, DICOM, network) in a digital way to save a large number of. When needed, it can be quickly turned back with a certain authorization, while adding some auxiliary diagnostic management functions. These PACS systems use the Medical Digital Imaging and Communications (DICOM) standard to manage medical imaging data.
These patient data records are very detailed and mostly include the following personal and medical details:
First and last name;
Date of birth;
Date of review;
The scope of the investigation;
The type of imaging procedure;
Institute / Clinic;
Number of images generated
Attackers can use this information to deploy and implement more effective social engineering and phishing attacks to ultimately get money.